Search code examples
apachejiracentos7mod-proxy

Apache Virtual host document root AND proxy file access forbidden

I am setting up my personal domain and I have this config:

ServerAdmin contact@brentc.in

Listen 80
<VirtualHost *:80>
    DocumentRoot "/www/brentc.in"
    ServerName brentc.in
    ServerAlias www.brentc.in
</VirtualHost>

Listen 443 https

SSLPassPhraseDialog builtin

SSLSessionCache         shmcb:/opt/rh/httpd24/root/var/run/httpd/sslcache(512000)
SSLSessionCacheTimeout  300

SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin

SSLCryptoDevice builtin

<VirtualHost *:443>
    ServerName brentc.in
    ServerAlias www.brentc.in
    DocumentRoot /www/brentc.in/
    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/brentc.in/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/brentc.in/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/brentc.in/fullchain.pem   
</VirtualHost>

<VirtualHost *:443>
    ServerName atlassian.brentc.in
    ServerAlias www.atlassian.brentc.in
    DocumentRoot /www/atlassian.brentc.in/

    Options Indexes FollowSymLinks Includes ExecCGI

    SSLProtocol all -SSLv2

    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>

    ProxyRequests Off
    ProxyPreserveHost On

    ProxyPass       /jira/secure/admin/IntegrityChecker.jspa    http://localhost:8081/jira/secure/admin/IntegrityChecker.jspa timeout=3600
    ProxyPassReverse    /jira/secure/admin/IntegrityChecker.jspa        http://localhost:8081/jira/secure/admin/IntegrityChecker.jspa

    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/brentc.in/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/brentc.in/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/brentc.in/fullchain.pem

    BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    <Location /jira>
        Header set Access-Control-Allow-Origin "*"
        Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept"
        ProxyPass               http://localhost:8081/jira retry=0
        ProxyPassReverse        http://localhost:8081/jira
        SetOutputFilter DEFLATE
    </Location>
</VirtualHost>

For the first domain (brentc.in) I can access index.html just fine. For the second domain (atlassian.brentc.in) it shows the apache sample (test 123) page and when I explicitly go to index.html it says I'm not allowed to access the file.

My file permissions are exactly the same as the working index.html. Am I missing something here?

The atlassian.brentc.in is also a proxy to a behind the scenes tomcat server. My intention is, when you go to atlassian.brentc.in it shows you a landing page. Then from there you can go to atlassian.brentc.in/jira.

The error_log contains this:

[Wed Jun 14 10:43:47.714099 2017] [authz_core:error] [pid 4399] [client <ip>:58299] AH01630: client denied by server configuration: /www/atlassian.brentc.in/index.html
[Wed Jun 14 10:43:47.952670 2017] [authz_core:error] [pid 4399] [client <ip>:58299] AH01630: client denied by server configuration: /www/atlassian.brentc.in/favicon.ico, referer: https://atlassian.brentc.in/index.html
Solution

  • i think you need to add something like this

    <Directory "your/sample/directory">
    # AllowOverride All      # Deprecated
    # Order Allow,Deny       # Deprecated
    # Allow from all         # Deprecated

    # --New way of doing it this is the important part
    Require all granted  
</Directory>